Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.1 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade the web console Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services
Getting acquainted with the Control Center Learning the basics

Starling Attributes: Configure LDAP attributes for use with push notifications

You can specify the user mobile number and user email address attributes to be used by the Starling push notifications.

Modifications to the Starling schema attributes configuration are global and apply to all Authentication Services clients in the forest. For users configured to use Starling, this could cause user logins to fail.

To configure custom LDAP attributes for use with Starling push notifications

  1. From the Control Center, navigate to the Starling Attributes in one of the following two ways:
    • Preferences | Starling Two-Factor Authentication and click the Starling Attributes link.
    • Preferences | Schema Attributes
  2. Click the Unix Attributes link in the upper right to display the Customize Schema Attributes dialog.
  3. Enter the LDAP display name for one or both of the Starling attributes used by the Starling push notifications:

    • User Mobile Number
    • User Email Address
  4. Click OK.
  5. Click Yes to confirm that you want to modify the Starling schema attributes configuration.
  6. Back on the Starling Two-Factor Authentication preference pane, the Starling attributes to be used are displayed.

Management Console for Unix Configuration

Management Console for Unix allows you to centrally manage Safeguard Authentication Services agents running on Unix, Linux, and macOS systems.

With the management console you can:

  • Remotely deploy the Safeguard Authentication Services agent software.
  • Manage local user and group accounts.
  • Configure account mappings from local users to Active Directory accounts.
  • Report on a variety of security and host access related information.

You can install the management console on supported Unix, Linux, and macOS platforms. Once installed, you can access it from a browser using default port of 9443 or from the Control Center.

You can run the One IdentityManagement Console for Unixmanagement console within the Control Center or you can run it separately in a supported web browser. The management console is a separate install on Windows, Unix, Linux, or macOS that you can launch from the ISO.

Typically, you install one management console per environment to avoid redundancy. One Identity does not advise managing a Unix host by more than one management console in order to avoid redundancy and inconsistencies in stored information. If you manage the same Unix host by more than one management console, you should always re-profile that host to minimize inconsistencies that may occur between instances of the management consoles.

Install instance of Management Console for Unix

You must install an instance of Management Console for Unix in your environment in order to access the Management Console. The installation can be accessed from the Safeguard Authentication Services distribution media:

  1. Double click autorun.exe.
  2. Select Setup | Management Console for Unix.

Access the MCU configuration from the Control Center

From the Control Center, select Preferences then Management Console for Unix Configuration. The configuration for the Management Console for Unix displays. If the Management Console cannot be located, you will see a message like: The Management Console could not be located. Specify a URL where Management Console for Unix is running. The URL can be specified on this page.

Specify the following:

  • Protocol: Enter the SSL/TLS protocol, TCP or UPD. For details, see Network port requirements.
  • Hostname: Enter the host name, for example localhost.
  • Port: The port for the Management Console installation. The default SSL port number is 9443. For details, see Network port requirements.
  • Path: Enter the path. On Unix, the install location is /opt/quest/mcu and you cannot specify an alternate path.
  • URL: Enter the https URL, for example https://<Hostname or IP address>:<port>. Management Console for Unix requires that all connections to the browser are secured with the SSL/TLS protocol. Therefore, you must use the https URL. A http protocol may result in unexpected behavior.

Click Apply.

For more information

For details, go to these sections of this documentation:

Also see the One Identity Management Console for Unix - Administration Guide available on the Safeguard for Authentication Services Technical Documentation page, along with the latest Release Notes.

Learning the basics

The topics in this section help you learn how to do some basic system administration tasks using the Control Center and Management Console for Unix.

Note: The exercises in this section assume that you have successfully installed Safeguard Authentication Services and Management Console for Unix and have added a host to the console and joined it to Active Directory. For more information, see Prepare Unix hosts.

This section shows you how to create the following test user and group accounts used in various examples:

  • A local group name called localgroup
  • A local user object called localuser
  • An Active Directory group object called UNIXusers
  • An Active Directory user object called ADuser

One Identity recommends that you work through the topics in this section in order as a self-directed "test drive" of some of the key product features. You will learn how easy it is to manage your users and groups from the management console.

Adding a local group

You can use the management console to remotely add a local group to the host.

Note: This topic instructs you to set up a local group by the name of "localgroup" referred to by other examples in this guide.

To add a local group to the host

  1. From the Management Console for Unix, open the Host | All Hosts view.
  2. From the All Hosts view, double-click a host name to open its properties.
  3. Select the Groups tab and click Add Group.
  4. In the Add New Group dialog, enter localgroup as a local group name in the Group Name box and click Add Group.
  5. In the Log on to Host dialog, enter your credentials and click OK.

    Note: This task requires elevated credentials. Credential information is entered by default from the cache.

    The new local group account is added to the system and management console.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating